>Hello,
>
>I've successfully compiled and installed the x.509-patched version from
>Roumen. I've also installed our small CA file and was able to modify
>certificates so they would be used for and verified from the patched
>version.
>Now I'd like to disable all other logins (publickkey, keyboard) other then
>
>
sshd_config contain XXXAuthentication options.
X.509 certificates support is kind of PubkeyAuthentication.
OpenSSH support "ssh-dss" and "ssh-rsa" "public key algorithms".
My patch extend supported "public key algorithms" with "x509v3-sign-rsa"
and "x509v3-sign-dss".

Note that X.509 certificates can be used in
HostbasedAuthentication(disabled by default in sshd_config) too.

In future versions I might add two new server options "PubkeyAlgorithms"
and "HostbasedAlgorithms" to implement you request.

>the ones that can show a valid certificate. From the settings of
>config_sshd this seems not to be possible, have I anything overseen?
>
>
>Thanks,
>Soeren Gerlach
>
>